- (Topic 6)
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint.
When users attempt to access the portal of a partner company, they receive the message shown in the following exhibit.

You need to enable user access to the partner company's portal. Which Microsoft Defender for Endpoint setting should you modify?

1. A. Alert notifications
2. B. Alert suppression
3. C. Custom detections
4. D. Advanced hunting
5. E. Indicators

Correct Answer: E

This Website Is Blocked By Your Organization
Custom indicators will block malicious IPs, URLs, and domains. Then, they will display the above message for the user.
Reference: https://jadexstrategic.com/web-protection/

- (Topic 6)
You have a Microsoft 365 E5 subscription.
You need to recommend a solution for monitoring and reporting application access. The solution must meet the following requirements:
• Support KQL for querying data.
• Retain report data for at least one year.
What should you include in the recommendation?

1. A. a security report in Microsoft 365 Defender
2. B. End point analytics
3. C. Microsoft 365 usage analytics
4. D. Azure Monitor workbooks

Correct Answer: D

- (Topic 6)
You need to notify the manager of the human resources department when a user in the department shares a file or folder from the departments Microsoft SharePoint Online site. What should you do?

1. A. From the SharePoint Online site, create an alert.
2. B. From the SharePoint Online admin center, modify the sharing settings.
3. C. From the Microsoft 365 Defender portal, create an alert policy.
4. D. From the Microsoft Purview compliance portal, create a data loss prevention (DLP) policy.

Correct Answer: D

- (Topic 6)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription.
You create an account for a new security administrator named SecAdmin1.
You need to ensure that SecAdmin1 can manage Office 365 Advanced Threat Protection (ATP) settings and policies for Microsoft Teams, SharePoint, and OneDrive.
Solution: From the Microsoft 365 admin center, you assign SecAdmin1 the SharePoint admin role.
Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: B
You need to assign the Security Administrator role. Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-atp?view=o365-worldwide

- (Topic 6)
You have a Microsoft 365 E5 tenant.
You create an auto-labeling policy to encrypt emails that contain a sensitive info type. You specify the locations where the policy will be applied.
You need to deploy the policy. What should you do first?

1. A. Review the sensitive information in Activity explorer
2. B. Turn on the policy
3. C. Run the policy in simulation mode
4. D. Configure Azure Information Protection analytics

Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide